topic Re: CISSP Associates, how did you gain your relevant work experience in the 6 years? in Career Discussions

CISSP Associates, how did you gain your relevant work experience in the 6 years?

slee047 — Mon, 24 Sep 2018 14:39:15 GMT

As per topic, I am aware that in my region (Singapore) is offering CISSP training and even subsidize 70% of exam fees for its citizens and Permanent Resident while the entire exam fee is entirely subsidized for students and NSF (National Service Full-time, a.k.a Mandatory Conscription).

https://www.iss.nus.edu.sg/executive-education/course/detail/certified-information-systems-security-professional--(cissp-exam-only)/#tabsParent_2

1up to 70% CITREP+funding for Professionals (Singaporeans and Singapore PRs) and 100% CITREP+ funding for Students / NSF (Singaporeans) is available for the net payable exam fee

The question is assuming someone managed to become an associate by passing CISSP, how is he / she going to find the relevant work experience? What types of the job are the best for fresh Computer Science degree holders to step into for gaining relevant work experience needed by CISSP?

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

denbesten — Mon, 24 Sep 2018 17:05:30 GMT

Earned it before I took the test. Also made it much easier to pass because the test is very much experience based.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

Damyen — Mon, 24 Sep 2018 17:17:40 GMT

First off congratulations on your achievement. Passing the CISSP exam is a big deal, and you should be very proud.

You have a few options, assuming you don't want to go into software engineering (that could be another thread). One option is to look for network administration or system administration jobs. You may need to supplement you CISSP Associates with a combination of CCNA, LPIC, or MCSE. All of these positions will have a security component as part of the job. You may install or maintain a firewall, perform identity and access management, maintain an asset database, or review security logs.

A second option would be to peruse an OSCP certification (penetration test). This is a very well respected (and extremely difficult) certification in pen test circles (CEH is required for some government positions and will get you through some HR filters; it is not as respected by the community as the OSCP). Achieving this cert will get your foot in the door as a penetration tester.

A third option (if you have no experience) would be to peruse a help desk position. This position also carries to most risk. You may actions/tasks associated with identity and access management. You could also pigeonhole yourself with a skillset that is only valuable to a single company and not an industry. So try to avoid positions where you only support a single client facing product for a single company unless they have a history of other employees transferring to a junior admin (sysadmin or network) position after a two or three years.

You will may receive a lot of feedback about how experience is king, and people may attempt to diminish what you have accomplished. If any specific advise does not apply to your situation just skip over it. Right now at this point in your career, you just have to find a position that will get your foot in the door. If possible and you have the time and resources available, research option two. You will take several months to prepart, but you have the ability to start as a pen tester. Plus you don't loose a few years in a transitional job.

Good luck and congrats again.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

dcontesti — Mon, 24 Sep 2018 20:57:52 GMT

Firstly, kudos to the Singaporean government for trying to assist with the shortage of Security folks.

Touching base with the local (ISC)2 Chapter ( https://www.isc2chapter.sg/sgp/ ) or communications@isc2chapter.sg and start attending their meetings. This would be a good place to start networking. There is also an ISACA chapter that you could reach out to.

Contacting the chapter does not give a person experience per se but could put folks in touch with folks who MAY have entry level positions or know of some. No guarantees on this one.

Also, keep in mind if the person has an advanced degree (bachelor, etc.), they already have one of the years experience that they need.

As stated in the chain, working on a Help Desk is a good way to get experience, but also volunteering for organizations is also a good way. Network admin or system admin are also a good ways to get security experience. I have seen Help Desk admins doing authentication and authorization jobs in larger organizations.

Unfortunately, this is an age old problem.....I have the credentials but I don't have the experience. It was true when I was starting out as an accountant fresh out of university and it is true today. This is why I believe the networking portion is key. Hopefully the candidate will find both a mentor and a sponsor to help them develop their careers.

Regards

Diana

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

sergeling — Mon, 24 Sep 2018 22:28:00 GMT

As stated from the website, if you already have the appropriate degree, it can substitute for 1 year experience then you just need 4 more years experience.

https://www.isc2.org/Certifications/CISSP/experience-requirements

Full time, part time, even internship experience count as well. So if you have relevant internship experience during junior year in college it'd count towards total experience as well.

While helpdesk positions are often a good starting point for someone to get the foot in the door, I'd like to advise you to think about your career path. Does the company/position offer room for growth? Some company/position has distinct separation where helpdesk position only serve as call center to handle phone call and perform level 1 troubleshooting.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

slee047 — Tue, 25 Sep 2018 00:17:04 GMT

Thanks for the well wishes and the valuable information.

Well, I started this thread because I know people have been saying that the best is to get the relevant experience before the test but there are schemes like the above in my area that probably could qualify a 70% subsidy of exam fees (I am no longer a student, and serving the conscription in Singapore is a must as a male before starting university studies).

Therefore, I would like to hear advice on how did these people managed to gain their experience while not able to state that they are CISSP.

I am just SSCP for now, and I apologize if the wording did created an assumption that I have did the CISSP test (I am planning right now, and evaluating options)

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

rslade — Tue, 25 Sep 2018 18:52:59 GMT

> slee047 (Newcomer I) posted a new topic in Career on 09-24-2018 10:39 AM in the

> The question is
> assuming someone managed to become an associate by passing CISSP, how is he /
> she going to find the relevant work experience? What types of the job are the
> best for fresh Computer Science degree holders to step into for gaining relevant
> work experience needed by CISSP?

You should be able, particularly with the Associate designation, to find admin level jobs in relevant fields. For example, network, firewall, or access control admin type jobs. (You will need to switch in order to get experience in the requisite number of domains.)

Another possibility is volunteer work. This will take longer (although it can be done in concert with regular work), and you will need to document it with letters of reference, but it will gain you wider experience. (Do a search on "volunteer" to get other discussions for particulars.)

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

j_M007 — Tue, 25 Sep 2018 19:57:54 GMT

Sweet deal -- kudos to the Gov of Singapore, and kudos to you as well. Security experience comes in many shapes, sizes and varieties. Associate of (ISC)2 is a rare and valuable credential; and it shows you are dedicated to excel in the profession.

I didn't write the exam until I considered that I had enough experience. Even then, my experience is more on the risk analysis, business continuity, recovery management facets. If you don't have plans to recover, plan not to recover. 😉 So I second guessed myself. All the while I was gaining more experience in change management, architecture, cryptology, IAM, etc.

The CIA triad is our concern - sometimes we focus more on integrity or confidentiality; sometimes more on availability and integrity. It's a bit of a Rubik's cube of sorts. Experience is where you can get experience -- and value it!

Anyone can be a great practitioner of security (social scientists, economists, linguists, pure and applied scientists.) It's not merely engineers and techies who are the only ones to offer insight.

In fact, it's often those with insight into the why rather than the how of the attack who can see the best ways to obviate it.

Keep learning, keep practicing, keep doing, keep exploring -- soon you will have the requisite experience. And always you will have colleagues and mentors out there who are thrilled to help you achieve your goals in the industry.

Best regards.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

slee047 — Tue, 25 Sep 2018 23:27:55 GMT

Thanks for everyone’s input. So usually CISSP assoicates would use the 6 years to do either or the combination of:

1) Get additional network or system related certificates including but not limited to MCSE, LPIC, CCNP etc. in order to increase the likelihood for getting a job in junior level network administrator

2) Be a pentester with relevant certs especially OSCP, and CEH for HR purpose.

3) Volunteer to work in this area if possible

4) Join a local ISC2 Chapter if possible (Singapore has one) for networking, which increases the likelihood to find a suitable mentor / organisation for this purpose.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

j_M007 — Wed, 26 Sep 2018 14:57:52 GMT

I don't know if this is applicable in your region (or even if it's applicable or relevant at all!) However, CISSP is not an entry-level cert given that one needs at least a few years of experience (often in IT, but not necessarily.)

How I learned a great deal about business and security is through taking on a number of jobs related to or nearly related to what I was seeking to accomplish. All my professional life I was the one asked to write about it, document it, describe it. Documentation is a great job because 1) no one wants to do it; 2) you become the most knowledgeable one in the room.

What I might suggest is that you continue a career track and be the "security guy" by applying the tools and techniques you have learned to assure the business processes and tasks you are doing meet best security practices.

In this way, you gain real-world experience and leadership skills to apply to your next jobs on the career path.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

Chuxing — Thu, 27 Sep 2018 13:50:11 GMT

@slee047,

You may already know is, there's a conference coming up in Singapore 3-5 October, and that could be your networking / job searching opportunities:

http://www.cyberworlds-conference.org/

Best,

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

Chuxing — Thu, 27 Sep 2018 13:55:56 GMT

@slee047:

Another security related conference coming up near your is in KL:

https://www.nanosec.asia/

Best,

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

j_M007 — Thu, 27 Sep 2018 15:39:37 GMT

Excellent suggestions!

Other ways to gain hands-on experience are:

Volunteer in organizations that require expertise (interest groups, charities, sports organizations.) These groups are a huge source of word-of-mouth clients. Your work will be appreciated, and your experience will grow. (plenty of CPEs to be had)
Writing articles on security issues for community newsletters, blogs and so forth, informing people of the latest trends and threats. There is a dearth of well written material in the press.
Make yourself known (in a good way! cf. the discussion on these boards about "Anger Management") If you have an interest in something, you'll do it for fun before you do it for lucre.
Be the documenter. if other people RTFM what you've written (and it's good, concise, UP-TO-DATE!), you'll be the go-to resource.
Sharpen the saw. Meet professionals, and don't be shy to ask about opportunities.
Be humble (read about anger management in these pages); or in the words of the person who wrote this little gem: "Pride goeth before destruction, and an haughty spirit before a fall."
Make a success plan and keep track of your achievements -- Soon you'll be the old guy or gal dishing out advice! 😉

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

Early_Adopter — Thu, 27 Sep 2018 22:55:04 GMT

@slee047

Lots of great advice here.

I’d say that in Singapore as you are free to work in the field there are a lot of roles available that fit your requirements in FSI, Shipping, Tech, government etc. Most MNCs in cyber/tech have offices here and there are not enough talented people to go round(I owe my time in Singapore to this) - you’re a sought after commodity (interested/young), and while you’re not in a ‘name your price’ position I’d not see you having too many problems securing something that gets you the experience you need.

My recommendation would be to meet as many folks as you can, and when the time comes interview for some roles and sign up for the cybersecurity job that interests you, has the people you like/can learn from and offers the right personal development.

If it interestes you could push you career further along even further as post-graduate via a scholarship(you are probably aware - subsidised education plus something a bit like the UKs civil service fast track) - if you are eligble(pretty sure you would be as you are serving NS) you sign a bond, and this limits you in the market, but you’ll get some excellent experience(I’ve been impressed by the folks I’ve met who were on this program - not saying I’ve met them all mind):

https://www.nrf.gov.sg/programmes/national-cybersecurity-r-d-programme/national-cybersecurity-postgraduate-scholarship

https://sbr.com.sg/hr-education/commentary/what-scholar-really-means-in-singapore *

*this included for folks outside Singapore who are interested.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

slee047 — Fri, 28 Sep 2018 01:39:28 GMT

Wow, interesting. But I have already got my degree from NTU and have started work. I did not know anything like this few years back and I do wonder if these are the new and recent initiatives.

But nevertheless, I started this thread is to facilitate such discussions for aspiring students & NSFs in Singapore as well as overseas folks who are in position to influence such decisions which can take reference here.

Re: CISSP Associates, how did you gain your relevant work experience in the 6 years?

Early_Adopter — Fri, 28 Sep 2018 02:56:16 GMT

Ah right, apologies, wrong end of the stick.

The scholarship program I think is open for bachelors, it’s probably aligned to output from the polytechnics, but the link I put in was actually for post graduate study, so might still be applicable to your case.

Govtech and CSA are definitely driving cybersecurity, I’d say I noticed it getting 2-3 years ago when I got asked to do a quick presentation on machine learning for a conference(SID), about the time CSA came into existence.

https://www.csa.gov.sg/~/media/csa/documents/publications/singaporecybersecuritystrategy.PDF